v0.7.0

go.mod

@@ -3,8 +3,8 @@ module github.com/atricore/terraform-provider-iamtf
 go 1.16
 
 require (
-	github.com/atricore/josso-api-go v0.4.4
-	github.com/atricore/josso-sdk-go v0.4.6
+	github.com/atricore/josso-api-go v0.5.0
+	github.com/atricore/josso-sdk-go v0.5.0
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-hclog v1.2.0
 	github.com/hashicorp/terraform-plugin-docs v0.13.0
@@ -13,7 +13,3 @@ require (
 	golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c // indirect
 	google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d // indirect
 )
-
-replace github.com/atricore/josso-sdk-go => ../josso-sdk-go
-
-replace github.com/atricore/josso-api-go => ../josso-api-go

go.sum

@@ -67,6 +67,10 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/atricore/josso-api-go v0.5.0 h1:sywK9PZO0r05x0kgxsy3sDjjAzNsmTGhIn9kvmnFEi0=
+github.com/atricore/josso-api-go v0.5.0/go.mod h1:Oys9D0y1x+bvyIsnRFl6JOYiIV7KQkuToIQa+jxeuHs=
+github.com/atricore/josso-sdk-go v0.5.0 h1:4EiUY7F7rdWqAyrRWsezNsymFUS8G8YlGh9U7eWyXAY=
+github.com/atricore/josso-sdk-go v0.5.0/go.mod h1:lQ1GHEP3BFlfuyO514wDYeAwfZpUci7QrxD5ABmQ324=
 github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=

iamtf/data_source_iamtf_identity_appliance.go

@@ -44,6 +44,12 @@ func dataSourceIdentityAppliance() *schema.Resource {
 				Optional:    true,
 				Description: "list of additional OSGi bundles this appliance requires",
 			},
+			"branding": {
+				Type:        schema.TypeString,
+				Description: "the name of the UI branding plugin installed in JOSSO",
+				Default:     "josso25-branding",
+				Optional:    true,
+			},
 		},
 	}
 }

iamtf/resource_iamtf_federated_connection.go

@@ -468,11 +468,16 @@ func convertIdPSaml2MapArrToDTO(saml2_arr interface{}, idp *api.IdentityProvider
 		return nil
 	}
 
+	enc, err := mapTFEncryptionToSaml2(saml2_map["encrypt_algorithm"].(string))
+	if err != nil {
+		return err
+	}
+
 	idp.SetWantAuthnRequestsSigned(saml2_map["want_authn_req_signed"].(bool))
 	idp.SetWantSignedRequests(saml2_map["want_req_signed"].(bool))
 	idp.SetSignRequests(saml2_map["sign_reqs"].(bool))
 	idp.SetSignatureHash(saml2_map["signature_hash"].(string))
-	idp.SetEncryptAssertionAlgorithm(saml2_map["encrypt_algorithm"].(string))
+	idp.SetEncryptAssertionAlgorithm(enc)
 	//idp.SetEnableMetadataEndpoint(saml2_map["metadata_endpoint"].(bool))
 	idp.SetEnableMetadataEndpoint(true)
 	idp.SetMessageTtl(int32(saml2_map["message_ttl"].(int)))
@@ -523,8 +528,13 @@ func convertSPFederatedConnectionsMapArrToDTOs(idp IdPRole, d *schema.ResourceDa
 			spChannel.SetWantAuthnRequestsSigned(GetAsBool(d, fmt.Sprintf("%d", spIdx), idp.GetWantAuthnRequestsSigned()))
 			// NOT SUPPORETD BY SERVER :spChannel.SetWantSignedRequests(api.AsBool(saml2_m["want_req_signed"], true))
 			// NOT SUPPORETD BY SERVER :spChannel.SetSignRequests(api.AsBool(saml2_m["sign_reqs"], true))
+
+			enc, err := mapTFEncryptionToSaml2(GetAsString(d, fmt.Sprintf("sp.%d.saml2.0.encrypt_algorithm", spIdx), idp.GetEncryptAssertionAlgorithm()))
+			if err != nil {
+				return result, err
+			}
 			spChannel.SetSignatureHash(GetAsString(d, fmt.Sprintf("sp.%d.saml2.0.signature_hash", spIdx), idp.GetSignatureHash()))
-			spChannel.SetEncryptAssertionAlgorithm(GetAsString(d, fmt.Sprintf("sp.%d.saml2.0.encrypt_algorithm", spIdx), idp.GetEncryptAssertionAlgorithm()))
+			spChannel.SetEncryptAssertionAlgorithm(enc)
 			spChannel.SetMessageTtl(GetAsInt32(d, fmt.Sprintf("sp.%d.saml2.0.message_ttl", spIdx), idp.GetMessageTtl()))
 			spChannel.SetMessageTtlTolerance(GetAsInt32(d, fmt.Sprintf("sp.%d.saml2.0.message_ttl_tolerance", spIdx), idp.GetMessageTtlTolerance()))
 
@@ -560,7 +570,7 @@ func convertSPFederatedConnectionsMapArrToDTOs(idp IdPRole, d *schema.ResourceDa
 	return result, nil
 }
 
-func convertSPFederatedConnectionsToMapArr(fcs []api.FederatedConnectionDTO) ([]map[string]interface{}, error) {
+func convertSPFederatedConnectionDTOsToMapArr(fcs []api.FederatedConnectionDTO) ([]map[string]interface{}, error) {
 
 	result := make([]map[string]interface{}, 0)
 

iamtf/resource_iamtf_identity_appliance.go

@@ -203,7 +203,11 @@ func buildIdentityApplianceResource(idaName string, d *schema.ResourceData, iam
 	_ = d.Set("name", cli.StrDeref(iam.Name))
 	_ = d.Set("namespace", cli.StrDeref(iam.Namespace))
 	_ = d.Set("description", cli.StrDeref(iam.Description))
-	_ = d.Set("branding", cli.StrDeref(iam.UserDashboardBranding.Name))
+
+	if iam.GetUserDashboardBranding().Name != nil {
+		b := cli.StrDeref(iam.GetUserDashboardBranding().Name)
+		_ = d.Set("branding", b)
+	}
 	_ = setNonPrimitives(d, map[string]interface{}{
 		"bundles": convertStringSetToInterface(iam.GetRequiredBundles())})
 

iamtf/resource_iamtf_idp.go

@@ -862,7 +862,7 @@ func buildIdPResource(idaName string, d *schema.ResourceData, idp api.IdentityPr
 	_ = d.Set("saml2", saml2_m)
 
 	// "sp" list
-	sps, err := convertSPFederatedConnectionsToMapArr(idp.FederatedConnectionsA)
+	sps, err := convertSPFederatedConnectionDTOsToMapArr(idp.FederatedConnectionsA)
 	if err != nil {
 		return err
 	}
@@ -1533,6 +1533,29 @@ func mapSaml2EncryptionToTF(encryption string) (string, error) {
 	case "http://www.w3.org/2001/04/xmlenc#tripledes-cbc":
 		return "AES3DES", nil
 	default:
-		return "", fmt.Errorf("invalid encryption type [%s]", encryption)
+		return "", fmt.Errorf("invalid SAML2 encryption type [%s]", encryption)
+	}
+}
+
+func mapTFEncryptionToSaml2(encryption string) (string, error) {
+
+	// "NONE", "AES-128", "AES-256", "AES-3DES"
+
+	// disabled
+	// "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
+	// "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
+	// "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
+
+	switch encryption {
+	case "NONE":
+		return "NONE", nil
+	case "AES128":
+		return "http://www.w3.org/2001/04/xmlenc#aes128-cbc", nil
+	case "AES256":
+		return "http://www.w3.org/2001/04/xmlenc#aes256-cbc", nil
+	case "AES3DES":
+		return "http://www.w3.org/2001/04/xmlenc#tripledes-cbc", nil
+	default:
+		return "", fmt.Errorf("invalid TF encryption type [%s]", encryption)
 	}
 }

iamtf/resource_iamtf_vp.go

@@ -449,7 +449,7 @@ func buildVPResource(idaName string, d *schema.ResourceData, vp api.VirtualSaml2
 	_ = d.Set("saml2_sp", saml2_sp_m)
 
 	// "sp" list
-	sps, err := convertSPFederatedConnectionsToMapArr(vp.FederatedConnectionsA)
+	sps, err := convertSPFederatedConnectionDTOsToMapArr(vp.FederatedConnectionsA)
 	if err != nil {
 		return err
 	}

vendor/modules.txt

@@ -12,10 +12,10 @@ github.com/apparentlymart/go-cidr/cidr
 github.com/apparentlymart/go-textseg/v13/textseg
 # github.com/armon/go-radix v1.0.0
 github.com/armon/go-radix
-# github.com/atricore/josso-api-go v0.4.4 => ../josso-api-go
+# github.com/atricore/josso-api-go v0.5.0
 ## explicit
 github.com/atricore/josso-api-go
-# github.com/atricore/josso-sdk-go v0.4.6 => ../josso-sdk-go
+# github.com/atricore/josso-sdk-go v0.5.0
 ## explicit
 github.com/atricore/josso-sdk-go
 # github.com/bgentry/speakeasy v0.1.0
@@ -348,5 +348,3 @@ google.golang.org/protobuf/types/known/anypb
 google.golang.org/protobuf/types/known/durationpb
 google.golang.org/protobuf/types/known/emptypb
 google.golang.org/protobuf/types/known/timestamppb
-# github.com/atricore/josso-sdk-go => ../josso-sdk-go
-# github.com/atricore/josso-api-go => ../josso-api-go